Beta: Juice Jacking is one of the most underrated security threats around. It can be used by an attacker to take complete control of your smartphone and inject malicious code. Here, the attacker compromises a public USB charging port and innocent users are fooled into plugging their phones into it. To keep yourself safe, it’s recommended to carry a battery pack or use your own charger and an electrical port.
Due to the continuous struggle to make smartphones thinner, manufacturers are unable to considerably increase battery capacity. To solve this problem, different authorities have installed USB charging ports at public places. While they might seem like a blessing, they bring along a hidden threat.
Juice Jacking is a hidden risk!
The risk being talked about here is called juice jacking, a term that was coined back in 2011. Wondering how juice jacking works? Well, it doesn’t matter what kind of smartphone you are using: it transfers power and data over the same cable. This feature allows the hacker to create a simple exploit and inject malware into the device by accessing the USB port illegally.
It might be done by taking control of a charging kiosk. In technical terms, the attack vector is the device’s USB port, and the exposure factor is based on the user’s awareness and battery life.
To bring this threat into the limelight and educate the attendees, at DefCon 2011, security researchers built such charging kiosks. When no device was connected, the LCD fitted into the charging station showed “Free Cell Phone Charging Kiosk.” However, when someone plugged in a device, a warning was shown.
My battery is dying–how to safely charge it and avoid juice jacking?
You can obviously carry a power bank or extra batteries on the go. This is the safest and most convenient solution. The safe route is to charge your device using the supplied charger that plugs into a regular electrical port. In my personal experience, finding a regular electric port is very easy nowadays.
If you’re stuck and left with no choice, you can power off the device completely and then plug it in. Research has shown that powering the device off doesn’t expose the data.